5.2.3 Input and Output

--armor

-a

Create PEM encoded output. Default is binary output.

--base64

Create Base-64 encoded output; i.e., PEM without the header lines.

--assume-armor

Assume the input data is PEM encoded. Default is to autodetect the encoding but this is may fail.

--assume-base64

Assume the input data is plain base-64 encoded.

--assume-binary

Assume the input data is binary encoded.

--input-size-hint n

This option can be used to tell GPGSM the size of the input data in bytes. n must be a positive base-10 number. It is used by the --status-fd line “PROGRESS” to provide a value for “total” if that is not available by other means.

--p12-charset name

gpgsm uses the UTF-8 encoding when encoding passphrases for PKCS#12 files. This option may be used to force the passphrase to be encoded in the specified encoding name. This is useful if the application used to import the key uses a different encoding and thus will not be able to import a file generated by gpgsm. Commonly used values for name are Latin1 and CP850. Note that gpgsm itself automagically imports any file with a passphrase encoded to the most commonly used encodings.

--default-key user_id

Use user_id as the standard key for signing. This key is used if no other key has been defined as a signing key. Note, that the first --local-users option also sets this key if it has not yet been set; however --default-key always overrides this.

--local-user user_id

-u user_id

Set the user(s) to be used for signing. The default is the first secret key found in the database.

--recipient name

-r

Encrypt to the user id name. There are several ways a user id may be given (see how-to-specify-a-user-id).

--output file

-o file

Write output to file. The default is to write it to stdout.

--with-key-data

Displays extra information with the --list-keys commands. Especially a line tagged grp is printed which tells you the keygrip of a key. This string is for example used as the file name of the secret key. Implies --with-colons.

--with-validation

When doing a key listing, do a full validation check for each key and print the result. This is usually a slow operation because it requires a CRL lookup and other operations.

When used along with --import, a validation of the certificate to import is done and only imported if it succeeds the test. Note that this does not affect an already available certificate in the DB. This option is therefore useful to simply verify a certificate.

--with-md5-fingerprint

For standard key listings, also print the MD5 fingerprint of the certificate.

--with-keygrip

Include the keygrip in standard key listings. Note that the keygrip is always listed in --with-colons mode.

--with-secret

Include info about the presence of a secret key in public key listings done with --with-colons.

--no-pretty-dn

By default gpgsm prints distinguished names (DNs) like the Issuer or Subject in a more readable format (e.g., using a well defined order of the parts). However, this format can’t be used as input strings. This option reverts printing to standard RFC-2253 format and thus avoids the need to use --dump-cert or --with-colons to get the “real” name.